package xdi2.messaging.target.interceptor.impl.linkcontract;

import java.util.ArrayList;
import java.util.Iterator;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import xdi2.core.ContextNode;
import xdi2.core.Graph;
import xdi2.core.constants.XDIDictionaryConstants;
import xdi2.core.constants.XDILinkContractConstants;
import xdi2.core.features.linkcontracts.instance.LinkContract;
import xdi2.core.features.nodetypes.XdiAbstractEntity;
import xdi2.core.features.nodetypes.XdiEntity;
import xdi2.core.features.policy.PolicyRoot;
import xdi2.core.syntax.XDIAddress;
import xdi2.core.syntax.XDIStatement;
import xdi2.core.util.XDIAddressUtil;
import xdi2.core.util.iterators.CompositeIterator;
import xdi2.messaging.Message;
import xdi2.messaging.MessageResult;
import xdi2.messaging.Operation;
import xdi2.messaging.constants.XDIMessagingConstants;
import xdi2.messaging.context.ExecutionContext;
import xdi2.messaging.exceptions.Xdi2MessagingException;
import xdi2.messaging.exceptions.Xdi2NotAuthorizedException;
import xdi2.messaging.target.MessagingTarget;
import xdi2.messaging.target.Prototype;
import xdi2.messaging.target.impl.graph.GraphMessagingTarget;
import xdi2.messaging.target.interceptor.AbstractInterceptor;
import xdi2.messaging.target.interceptor.InterceptorResult;
import xdi2.messaging.target.interceptor.MessageInterceptor;
import xdi2.messaging.target.interceptor.TargetInterceptor;
import xdi2.messaging.target.interceptor.impl.util.MessagePolicyEvaluationContext;

/* loaded from: input_file:WEB-INF/lib/xdi2-messaging-0.7.4.jar:xdi2/messaging/target/interceptor/impl/linkcontract/LinkContractInterceptor.class */
public class LinkContractInterceptor extends AbstractInterceptor<MessagingTarget> implements MessageInterceptor, TargetInterceptor, Prototype<LinkContractInterceptor> {
    private Graph linkContractsGraph;
    private XDIAddress defaultLinkContractAddress;
    private static Logger log = LoggerFactory.getLogger(LinkContractInterceptor.class.getName());
    private static final String EXECUTIONCONTEXT_KEY_LINKCONTRACT_PER_MESSAGE = LinkContractInterceptor.class.getCanonicalName() + "#linkcontractpermessage";

    public LinkContractInterceptor(Graph graph) {
        this.linkContractsGraph = graph;
        this.defaultLinkContractAddress = null;
    }

    public LinkContractInterceptor() {
        this.linkContractsGraph = null;
        this.defaultLinkContractAddress = null;
    }

    /* JADX WARN: Can't rename method to resolve collision */
    @Override // xdi2.messaging.target.Prototype
    public LinkContractInterceptor instanceFor(Prototype.PrototypingContext prototypingContext) {
        LinkContractInterceptor linkContractInterceptor = new LinkContractInterceptor();
        linkContractInterceptor.setLinkContractsGraph(getLinkContractsGraph());
        linkContractInterceptor.setDefaultLinkContractAddress(getDefaultLinkContractAddress());
        return linkContractInterceptor;
    }

    @Override // xdi2.messaging.target.impl.AbstractExtension, xdi2.messaging.target.Extension
    public void init(MessagingTarget messagingTarget) throws Exception {
        super.init((LinkContractInterceptor) messagingTarget);
        if (getLinkContractsGraph() == null && (messagingTarget instanceof GraphMessagingTarget)) {
            setLinkContractsGraph(((GraphMessagingTarget) messagingTarget).getGraph());
        }
        if (getLinkContractsGraph() == null) {
            throw new Xdi2MessagingException("No link contracts graph.", null, null);
        }
    }

    @Override // xdi2.messaging.target.interceptor.MessageInterceptor
    public InterceptorResult before(Message message, MessageResult messageResult, ExecutionContext executionContext) throws Xdi2MessagingException {
        XDIAddress linkContractXDIAddress = message.getLinkContractXDIAddress();
        if (linkContractXDIAddress == null) {
            linkContractXDIAddress = getDefaultLinkContractAddress();
        }
        if (linkContractXDIAddress == null) {
            if (log.isDebugEnabled()) {
                log.debug("No link contract specified by message.");
            }
            return InterceptorResult.DEFAULT;
        }
        ContextNode deepContextNode = getLinkContractsGraph().getDeepContextNode(linkContractXDIAddress, true);
        if (deepContextNode == null) {
            if (log.isDebugEnabled()) {
                log.debug("No link contract context node found in graph.");
            }
            return InterceptorResult.DEFAULT;
        }
        XdiEntity fromContextNode = XdiAbstractEntity.fromContextNode(deepContextNode);
        if (fromContextNode == null) {
            if (log.isDebugEnabled()) {
                log.debug("No link contract entity found in graph.");
            }
            return InterceptorResult.DEFAULT;
        }
        LinkContract fromXdiEntity = LinkContract.fromXdiEntity(fromContextNode);
        if (fromXdiEntity == null) {
            if (log.isDebugEnabled()) {
                log.debug("No link contract found in graph.");
            }
            return InterceptorResult.DEFAULT;
        }
        if (log.isDebugEnabled()) {
            log.debug("Found link contract " + fromXdiEntity);
        }
        putLinkContract(executionContext, fromXdiEntity);
        PolicyRoot policyRoot = fromXdiEntity.getPolicyRoot(false);
        if (policyRoot == null) {
            return InterceptorResult.DEFAULT;
        }
        if (Boolean.TRUE.equals(policyRoot.evaluate(new MessagePolicyEvaluationContext(message, getLinkContractsGraph())))) {
            return InterceptorResult.DEFAULT;
        }
        throw new Xdi2NotAuthorizedException("Link contract policy violation for message " + message.toString() + " in link contract " + fromXdiEntity.toString() + ".", null, executionContext);
    }

    @Override // xdi2.messaging.target.interceptor.MessageInterceptor
    public InterceptorResult after(Message message, MessageResult messageResult, ExecutionContext executionContext) throws Xdi2MessagingException {
        return InterceptorResult.DEFAULT;
    }

    @Override // xdi2.messaging.target.interceptor.TargetInterceptor
    public XDIAddress targetAddress(XDIAddress xDIAddress, Operation operation, MessageResult messageResult, ExecutionContext executionContext) throws Xdi2MessagingException {
        LinkContract linkContract = getLinkContract(executionContext);
        if (linkContract == null) {
            throw new Xdi2MessagingException("No link contract.", null, executionContext);
        }
        Boolean bool = null;
        if (isSetOnDoAddress(xDIAddress, operation)) {
            XDIAddress subXDIAddress = XDIAddressUtil.subXDIAddress(xDIAddress, 0, XDIAddressUtil.indexOfXDIArc(xDIAddress, XDILinkContractConstants.XDI_ARC_DO));
            if (decideLinkContractPermission(XDILinkContractConstants.XDI_ADD_SET_DO, subXDIAddress, linkContract)) {
                bool = Boolean.TRUE;
                if (log.isDebugEnabled()) {
                    log.debug("Authorization succeeded, because of " + XDILinkContractConstants.XDI_ADD_SET_DO + " permission on target address " + subXDIAddress);
                }
            } else {
                bool = Boolean.FALSE;
                if (log.isDebugEnabled()) {
                    log.debug("Authorization failed, because of missing " + XDILinkContractConstants.XDI_ADD_SET_DO + " permission on target address " + subXDIAddress);
                }
            }
        }
        if (bool == null) {
            if (decideLinkContractPermission(operation.getOperationXDIAddress(), xDIAddress, linkContract)) {
                bool = Boolean.TRUE;
                if (log.isDebugEnabled()) {
                    log.debug("Authorization succeeded, because of " + operation.getOperationXDIAddress() + " permission on target address " + xDIAddress);
                }
            } else {
                bool = Boolean.FALSE;
                if (log.isDebugEnabled()) {
                    log.debug("Authorization failed, because of missing " + operation.getOperationXDIAddress() + " permissions on target address " + xDIAddress);
                }
            }
        }
        if (Boolean.TRUE.equals(bool)) {
            return xDIAddress;
        }
        throw new Xdi2NotAuthorizedException("Link contract violation for operation: " + operation.getOperationXDIAddress() + " on target address: " + xDIAddress, null, executionContext);
    }

    @Override // xdi2.messaging.target.interceptor.TargetInterceptor
    public XDIStatement targetStatement(XDIStatement xDIStatement, Operation operation, MessageResult messageResult, ExecutionContext executionContext) throws Xdi2MessagingException {
        LinkContract linkContract = getLinkContract(executionContext);
        if (linkContract == null) {
            throw new Xdi2MessagingException("No link contract.", null, executionContext);
        }
        XDIAddress targetXDIAddress = xDIStatement.isContextNodeStatement() ? xDIStatement.getTargetXDIAddress() : xDIStatement.getContextNodeXDIAddress();
        Boolean bool = null;
        if (isSetOnDoAddress(targetXDIAddress, operation)) {
            XDIAddress subXDIAddress = XDIAddressUtil.subXDIAddress(targetXDIAddress, 0, XDIAddressUtil.indexOfXDIArc(targetXDIAddress, XDILinkContractConstants.XDI_ARC_DO));
            if (decideLinkContractPermission(XDILinkContractConstants.XDI_ADD_SET_DO, subXDIAddress, linkContract)) {
                bool = Boolean.TRUE;
                if (log.isDebugEnabled()) {
                    log.debug("Authorization succeeded, because of " + XDILinkContractConstants.XDI_ADD_SET_DO + " permission on target address " + subXDIAddress);
                }
            } else {
                bool = Boolean.FALSE;
                if (log.isDebugEnabled()) {
                    log.debug("Authorization failed, because of missing " + XDILinkContractConstants.XDI_ADD_SET_DO + " permission on target address " + subXDIAddress);
                }
            }
        }
        if (!Boolean.FALSE.equals(bool) && isSetOnRefRepStatement(xDIStatement, operation)) {
            if (decideLinkContractPermission(XDILinkContractConstants.XDI_ADD_SET_REF, xDIStatement.getContextNodeXDIAddress(), linkContract) && decideLinkContractPermission(XDILinkContractConstants.XDI_ADD_SET_REF, xDIStatement.getTargetXDIAddress(), linkContract)) {
                bool = Boolean.TRUE;
                if (log.isDebugEnabled()) {
                    log.debug("Authorization succeeded, because of " + XDILinkContractConstants.XDI_ADD_SET_REF + " permission on target addresses " + xDIStatement.getContextNodeXDIAddress() + " and " + xDIStatement.getTargetXDIAddress());
                }
            } else if (decideLinkContractPermission(XDILinkContractConstants.XDI_ADD_SET_REF, xDIStatement, linkContract)) {
                bool = Boolean.TRUE;
                if (log.isDebugEnabled()) {
                    log.debug("Authorization succeeded, because of " + XDILinkContractConstants.XDI_ADD_SET_REF + " permission on target statement " + xDIStatement);
                }
            } else {
                bool = Boolean.FALSE;
                if (log.isDebugEnabled()) {
                    log.debug("Authorization failed, because of missing " + XDILinkContractConstants.XDI_ADD_SET_REF + " permissions on either target addresses " + xDIStatement.getContextNodeXDIAddress() + " and " + xDIStatement.getTargetXDIAddress() + ", or target statement " + xDIStatement);
                }
            }
        }
        if (bool == null) {
            if (decideLinkContractPermission(operation.getOperationXDIAddress(), targetXDIAddress, linkContract)) {
                bool = Boolean.TRUE;
                if (log.isDebugEnabled()) {
                    log.debug("Authorization succeeded, because of " + operation.getOperationXDIAddress() + " permission on target address " + targetXDIAddress);
                }
            } else if (decideLinkContractPermission(operation.getOperationXDIAddress(), xDIStatement, linkContract)) {
                bool = Boolean.TRUE;
                if (log.isDebugEnabled()) {
                    log.debug("Authorization succeeded, because of " + operation.getOperationXDIAddress() + " permission on target statement " + xDIStatement);
                }
            } else {
                bool = Boolean.FALSE;
                if (log.isDebugEnabled()) {
                    log.debug("Authorization failed, because of missing " + operation.getOperationXDIAddress() + " permissions on either target address " + targetXDIAddress + ", or target statement " + xDIStatement);
                }
            }
        }
        if (Boolean.TRUE.equals(bool)) {
            return xDIStatement;
        }
        throw new Xdi2NotAuthorizedException("Link contract violation for operation: " + operation.getOperationXDIAddress() + " on target statement: " + xDIStatement, null, executionContext);
    }

    public Graph getLinkContractsGraph() {
        return this.linkContractsGraph;
    }

    public void setLinkContractsGraph(Graph graph) {
        this.linkContractsGraph = graph;
    }

    public XDIAddress getDefaultLinkContractAddress() {
        return this.defaultLinkContractAddress;
    }

    public void setDefaultLinkContractAddress(XDIAddress xDIAddress) {
        this.defaultLinkContractAddress = xDIAddress;
    }

    private static boolean isSetOnDoAddress(XDIAddress xDIAddress, Operation operation) {
        return XDIMessagingConstants.XDI_ADD_SET.equals(operation.getOperationXDIAddress()) && XDIAddressUtil.indexOfXDIArc(xDIAddress, XDILinkContractConstants.XDI_ARC_DO) != -1;
    }

    private static boolean isSetOnRefRepStatement(XDIStatement xDIStatement, Operation operation) {
        if (XDIMessagingConstants.XDI_ADD_SET.equals(operation.getOperationXDIAddress()) && xDIStatement.isRelationStatement()) {
            return XDIDictionaryConstants.XDI_ADD_REF.equals(xDIStatement.getRelationXDIAddress()) || XDIDictionaryConstants.XDI_ADD_REP.equals(xDIStatement.getRelationXDIAddress());
        }
        return false;
    }

    private static boolean decideLinkContractPermission(XDIAddress xDIAddress, XDIAddress xDIAddress2, LinkContract linkContract) {
        ArrayList arrayList = new ArrayList();
        arrayList.add(linkContract.getPermissionTargetXDIAddresses(xDIAddress));
        arrayList.add(linkContract.getPermissionTargetXDIAddresses(XDILinkContractConstants.XDI_ADD_ALL));
        int i = -1;
        Iterator<T> it = new CompositeIterator(arrayList.iterator()).iterator();
        while (it.hasNext()) {
            XDIAddress xDIAddress3 = (XDIAddress) it.next();
            if (XDIAddressUtil.startsWithXDIAddress(xDIAddress2, xDIAddress3, false, true) != null) {
                int numXDIArcs = xDIAddress3.getNumXDIArcs();
                if (numXDIArcs > i) {
                    i = numXDIArcs;
                }
                if (log.isDebugEnabled()) {
                    log.debug("Link contract " + linkContract + " allows " + xDIAddress + " on " + xDIAddress2);
                }
            }
        }
        ArrayList arrayList2 = new ArrayList();
        arrayList2.add(linkContract.getNegativePermissionTargetXDIAddresses(xDIAddress));
        arrayList2.add(linkContract.getNegativePermissionTargetXDIAddresses(XDILinkContractConstants.XDI_ADD_ALL));
        int i2 = -1;
        Iterator<T> it2 = new CompositeIterator(arrayList2.iterator()).iterator();
        while (it2.hasNext()) {
            XDIAddress xDIAddress4 = (XDIAddress) it2.next();
            if (XDIAddressUtil.startsWithXDIAddress(xDIAddress2, xDIAddress4, false, true) != null) {
                int numXDIArcs2 = xDIAddress4.getNumXDIArcs();
                if (numXDIArcs2 > i2) {
                    i2 = numXDIArcs2;
                }
                if (log.isDebugEnabled()) {
                    log.debug("Link contract " + linkContract + " does not allow " + xDIAddress + " on " + xDIAddress2);
                }
            }
        }
        boolean z = i > i2;
        if (log.isDebugEnabled()) {
            log.debug("Link contract " + linkContract + " decision for " + xDIAddress + " on address " + xDIAddress2 + ": " + z);
        }
        return z;
    }

    private static boolean decideLinkContractPermission(XDIAddress xDIAddress, XDIStatement xDIStatement, LinkContract linkContract) {
        boolean z = linkContract.hasPermissionTargetXDIStatement(xDIAddress, xDIStatement) || linkContract.hasPermissionTargetXDIStatement(XDILinkContractConstants.XDI_ADD_ALL, xDIStatement);
        if (log.isDebugEnabled()) {
            log.debug("Link contract " + linkContract + " allows " + xDIAddress + " on " + xDIStatement);
        }
        boolean z2 = linkContract.hasNegativePermissionTargetXDIStatement(xDIAddress, xDIStatement) || linkContract.hasNegativePermissionTargetXDIStatement(XDILinkContractConstants.XDI_ADD_ALL, xDIStatement);
        if (log.isDebugEnabled()) {
            log.debug("Link contract " + linkContract + " does not allow " + xDIAddress + " on " + xDIStatement);
        }
        boolean z3 = z && !z2;
        if (log.isDebugEnabled()) {
            log.debug("Link contract " + linkContract + " decision for " + xDIAddress + " on statement " + xDIStatement + ": " + z3);
        }
        return z3;
    }

    public static LinkContract getLinkContract(ExecutionContext executionContext) {
        return (LinkContract) executionContext.getMessageAttribute(EXECUTIONCONTEXT_KEY_LINKCONTRACT_PER_MESSAGE);
    }

    public static void putLinkContract(ExecutionContext executionContext, LinkContract linkContract) {
        executionContext.putMessageAttribute(EXECUTIONCONTEXT_KEY_LINKCONTRACT_PER_MESSAGE, linkContract);
    }
}
